Tech Forum

Alan_Brown wrote:No, there is no blanket prohibition on exporting MLS membership data for use in 3rd party solutions. See, for example, the section titled Personal Digital Assistant in the Record Keeping FAQ at http://www.lds.org/bfs/RecordKeepingFAQ.pdf.

What you will notice is that there is a requirement to keep the data confidential:


Because of this concern about confidentiality, it would not be permitted to upload membership data to 3rd party servers. But if the 3rd party application is running on a computer where the data can be secured, and it is properly deleted when the user no longer has the calling, I don't see why a 3rd Party application would be any different from the PDA answer given in the official document I cited above.

Alan's response is the best on this. Even members can currently download a csv file form the stake and ward web site with their units membership information. And the policy states that all information should be kept secure and confidential. I look at it like there is no difference in membership information, home teaching, etc. that is printed out and stored in a binder and the binder is taken home and putting the information on a PDA.

We definitely do not want information housed on a 3rd party server. However, if there are any questions that are not clear enough, please post and I can find better answers.

enriquer wrote:After reading the responses it seems that what "official" guideliness there are defined for limited situations (PDAs ,etc.)

So I am stepping away from this with the following understanding:
1. Membership data is defined as data exported from MLS containing DOBs, record #'s, and other private info.
2. Membership data cannot be loaded on non-church owned servers.
3. MLS exports, such as the PalmFamily file, are presently permitted on PDA's.
4. It is believed but not known if MLS membership record exports are permitted on home computers. If so they should be secured from the internet.

Did I interpret this correctly?

I'd pretty much agree, except for point 4. For one thing, getting data to a PDA pretty much requires that you import MLS export files on your home computer before you sync with your PDA. Beyond that, you seem to be assuming that exports to third party apps are permitted only if they are explicitly allowed in a written policy. While I can certainly understand why you might take that position, that's not the only possible interpretation. I'll turn it around. You said,

enriquer wrote:To my knowledge the church prohibits exporting MLS "membership" data for use in 3rd party solutions. I imagine this is because there are no assurances the information will remain secured.

What is your source for that statement? Do you have an official policy statement to back that up? I know of no such statement, so I would tend to assume that it is not a true statement of official policy. Thus as long as I am following proper procedures for handling confidential data, I see nothing wrong with using 3rd party applications.

There are lots and lots of things I do as part of my calling that I was not explicitly instructed to do by written policy. While I certainly strive not to do anything that is forbidden, I try to "do many things of [my] own free will" (http://scriptures.lds.org/en/dc/58/26#26). While I can certainly understand your interpretation, I just thought I would share mine.

Alan_Brown & everyone,

I got the prohibited from "Using MLS - Ward and Branch Insructions" document. Page 2
MLS to Be Installed in Meetinghouses only. MLS should not be installed on home or office computers. The database contains senstive membership and financial information that should not leave the meetinghouse.

Realizing this is talking about installing MLS elsewhere if we look at the explaination which states that the membership and financial information should not leave the meetinghouse.

Page 5
Data Export. You may export selected MLS membership data for use in a spreadsheet or a handheld-computer.

This is talking about the new Export feature which is only available to adminstrators. The permission is specifically limited to spreadsheets or a handheld-computer.

A key distinction that is that there are two types of data. The fenced off data which is limited to administrators which contains information which is both private and senstive and may only be known to the church. The second type of data is common public record data. This is limited to head of household names and phone numbers which are in phone books and is not unique to the church.

So what I was talking about was that this 3rd party product is directing members to violate the policy relating to fenced off data.

Is that not the case?

enriquer wrote:MLS to Be Installed in Meetinghouses only. MLS should not be installed on home or office computers. The database contains senstive membership and financial information that should not leave the meetinghouse.

Realizing this is talking about installing MLS elsewhere if we look at the explaination which states that the membership and financial information should not leave the meetinghouse.

Well, I can see how you might draw this conclusion (that even exported versions of the MLS membership data should not leave the meetinghouse) from just this reference, but if that were indeed the proper interpretation, then the other references to using this data on a hand-held computer would be totally pointless. Yet using the MLS membership data on a handheld-computer is explicitly allowed. Therefore the general conclusion that you drew from this statement is not valid. But it is indeed unfortunate that the statements conflict; it leads to confusion.

enriquer wrote:Data Export. You may export selected MLS membership data for use in a spreadsheet or a handheld-computer.

This is talking about the new Export feature which is only available to adminstrators. The permission is specifically limited to spreadsheets or a handheld-computer.

As I mentioned before, it's impossible to use this data on most handheld computers without also putting the data on whatever desktop application is used to sync. So either it's impossible to use a handheld computer (a ridiculous conclusion, given that it is explicitly allowed), or the data can indeed be loaded on a non-spreadsheet application. Again, we have an unfortunate contradiction within the policy itself. So do we follow the spirit of the law, protecting the security of the data, but not getting hung up about the exact application used, or do you follow the letter of the law (which in my opinion leads to a prohibition on using any handheld computer that requires the data to be loaded on a desktop application)?

enriquer wrote: A key distinction that is that there are two types of data. The fenced off data which is limited to administrators which contains information which is both private and senstive and may only be known to the church. The second type of data is common public record data. This is limited to head of household names and phone numbers which are in phone books and is not unique to the church.

So what I was talking about was that this 3rd party product is directing members to violate the policy relating to fenced off data.

Is that not the case?

I don't see anything in the policy which uses these terms or makes this distinction. I don't necessarily disagree with it, but where is it documented?

Finally, I would note that there are many third party applications (not just this one you happened across) which use exported MLS data. In particular, the MLS Companion Database has been mentioned extensively on this forum, and praised by forum moderators and administrators. If your restrictive interpretation of how exported data can be used is correct, then there are a lot of important people to call to repentance!:D

Alan & Co. (meaning the moderators),

Yes, it would seem that the guidelines in place are dated and not entirely in step with today. However, they are what we have been told to comply with.

Based on these guidelines MLS Companion Database as well as ldsauxiliaryassistant.com are in violation.


Let me fill in some blanks which are needed to avoid skewing the perspective. The fenced off data are the following options on the Export menu:

-Export Membership Data (Membership.csv)
-Export Home Teaching Data (HomeTeaching.csv)
-Export Visiting Teaching Data (VisitingTeaching.csv)
-Export Organization Data (Organization.csv)


The fenced off data that is permitted for spreadsheets and handheld-computers are the following options on the Export menu:

-Export Palm Family Data (PalmFamily.csv)
-Export Paul Individual Data (PalmIndividual.csv)

In summary, we need two determinations:
1. We need a distinction between fenced off and common data.
2. We also need determinations on what can "currently" be exported and more importantly what cannot.

Again, keep in mind I am pursuing "offical" and/or "factual" responses. So can you get someone in the know to give us an official determination?

Thank you!

Curious. This document from here says both . . .

The database contains sensitive membership and financial information that should not leave the meetinghouse (page 2).

and . . .

Once a month you should make a copy of the backup and store it at a location away from the building (page 3).

Um . . . right hand, meet the left hand.

enriquer wrote:Yes, it would seem that the guidelines in place are dated and not entirely in step with today. However, they are what we have been told to comply with.

Based on these guidelines MLS Companion Database as well as ldsauxiliaryassistant.com are in violation.
...

In summary, we need two determinations:
1. We need a distinction between fenced off and common data.
2. We also need determinations on what can "currently" be exported and more importantly what cannot.

Again, keep in mind I am pursuing "offical" and/or "factual" responses. So can you get someone in the know to give us an official determination?

You need to understand that most of the moderators are not even Church employees. I am not. We don't have any access to official statements beyond the published policy. We simply read the same policy documents that you do, and offer citations and our best interpretation based on our reading and experience.

In this case, you have read what I have read, but you have drawn different conclusions. You have the opinion that those products are in violation of policy (although you state it as fact); I disagree. This forum is a place for us (the combined clerk community) to share experience and resources; although there are some Church employees participating in the forum, few if any of them are authorized to declare official policy.

I have taken this discussion as far as I can. I personally doubt that the Church will be inclined to issue a special policy statement beyond what has been issued, but perhaps some Church employee will pick this up and pursue it for you. If what you seek is a specific policy declaration, you may well want to pursue it with Clerk Support.

jbh001,
No left or right hand issue. This gets back to the experience level here. You see the exports are just text files in CSV format wheras the backups are binary encrypted files. So if you open the exports in notepad they are human readable where as the backups look like a special character memory dump which cannot be abused.

Alan_Brown,
Thanks. I have a call into CHQ Clerk Support. I have asked that they email me a definitive answer. I will report back when I have it.

I was only talking about the database, which we are instructed should never leave the meeting house, except once a month when it does (as a backup). The instructions should be word-smithed better to avoid the apparent contradiction. A level of experience shouldn't be required to decipher this.

Okay everyone here’s the scoop!

I just got off the phone with Cherish at CHQ Membership line. She verified the following:

MLS export function files which can be used off-site (away from meeting house)
The permission to use the export function files for spreadsheets or handheld-computer pertain to these two files PalmFamily.csv and PalmIndividual.csv

MLS export function files which cannot be used off-site
The other files available via the export function Membership.csv, HomeTeaching.csv, VisitingTeaching.csv, and Organization.csv

What constitutes sensitive membership data (aka fenced off data)
This pertains to all the data files which are available via the MLS export function.

What constitutes non-sensitive membership data (aka common data)
This sensitive data guidelines do not apply to the MLS clipboard save to file options which are often used by auxiliary leaders. This data is common [meaning not-privileged, not-proprietary, not-private], and therefore non-sensitive.

Examples:

* The Primary President needs a list of children in electronic form so she can prepare a game off-site for sharing time.

* The Young Women need a list of names so they can make certificates for awards off-site.

* The Relief Society needs a list of who visit teaches who so they can record visits in a spreadsheet off-site.

* The Bishop wants a list of youth who are graduating from seminary so he can write them personal messages off-site.


Based on this clarification the applications, such as MLS Companion Database, LDS Auxiliary Assistant, etc., which use sensitive data can only be allowed when approved by the Bishop with the limitation of only installing it on the ward clerk’s computer.

This way it never leaves the meeting house as instructed. Never leaving the meeting house specifically prohibits this sensitive info from being used outside of the control of the church.

I have shared what was confirmed today and I invited Cherish to chime in here to clarify anything I may have missed.

Cherish, I did my best to clarify for the primarily non-clerk audience here. Feel free to clarify further if needed.